Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 

Listing of Claims: 

1. (Currently amended) A method in a data processing system for managing access to resources, the 
method comprising: 

responsive to matching an entry in an access control list of a specific resource with credentials of 
a process, g ranting a proc e ss a security identifier given by the access control list to the process , wherein 
the security identifier has no meaning outside of being used to make an access decision for [[a]] the 
specific resource; 
and 

responsive to the process requesting access to the specific resource, generating the access 
decision based on the security identifier. 

2. (Currently amended) The method of claim 1, wherein granting a security identifier given by the 
access control list to the process further comprises: 

adding the security identifier to the credentials of the process to form an object access identifier. 
wherein the object access identifier is granted based on a path of execution. 

3. (Currently amended) The method of claim 1, wherein granting a security identifier given by the 
access control list to the process further comprises: 

adding the security identifier to the credentials of the process to form an object access identifier. 
wherein the object access identifier is granted based on an identity of the process and a second process 
invoked by the process. 

4. (Currently amended) The method of claim 1, wherein granting a security identifier given by the 
access control list to the process further comprises: the granting st e p includ e s : 

setting the security identifier in [[a]] an access control list operation. 

5. (Original) The method of claim 1 further comprising: 

changing the security identifier in response to the process invoking a selected resource. 
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6. (Currently amended) The method of claim 1, wherein generating the access decision based on the 
security identifier further comprises : 

using the security identifier as an identity in an access control list to identify a right to the specific 
resource. 

7. (Currently amended) The method of claim 1, wherein the entry in the access control list is a first 
entry and wherein generating the access decision based on the security identifier further comprises: 

comparing a second entry in the access control list with the credentials of the process: and 
responsive to the second entry matching the security identifier in the credentials of the process. 

generating an access decision that grants the process access to the specific resource, wherein the security 

identifier is a right in an access control list. 

8. (Currently amended) A data processing system for managing access to resources, the data 
processing system comprising: 

granting means for granting a proc e ss a security identifier given by an access control list to a 
process in response to matching an entry in the access control list of a specific resource with credential of 
the process , wherein the security identifier has no meaning outside of being used to make an access 
decision for [[a]] the specific resource; and 

generating means responsive to the process requesting access to the specific resource, for 
generating the access decision based on the security identifier. 

9. (Currently amended) The data processing system of claim 8, wherein the granting means further 
comprises: 

adding means for adding the security identifier to the credentials of the process to form an object 
access identifier, wherein the object access identifier is granted based on a path of execution. 

10. (Currently amended) The data processing system of claim 8, wherein the granting means further 
comprises: 

adding means for adding the security identifier to the credentials of the process to form an object 
access identifier, wherein the object access identifier is granted based on an identity of the process and a 
second process invoked by the process. 
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11. (Currently amended) The data processing system of claim 8, wherein the granting means 
includes: 

setting means for setting the security identifier [[a]] in an access control list operation. 

12. (Original) The data processing system of claim 8 further comprising: 

changing means for changing the security identifier in response to the process invoking a selected 
resource. 

13. (Original) The data processing system of claim 8, wherein the generating means includes: 
using means for using the security identifier as an identity in an access control list to identify a 

right to the specific resource. 

14. (Original) The data processing system of claim 8, wherein the security identifier is a right in an 
access control list. 

15. (Currently amended) A computer program product in a computer readable medium in a data 
processing system for managing access to resources, the computer program product comprising: 

first instructions for granting a proo e so a security identifier given by an access control list to a 
process in response to matching an entry in the access control list of a specific resource with credentials 
of the process , wherein the security identifier has no meaning outside of being used to make an access 
decision for [[a]] the specific resource; and 

second instructions responsive to the process requesting access to the specific resource, for 
generating the access decision based on the security identifier. 

16. (Currently amended) The computer program product of claim 15, wherein the first instructions 
further comprises: 

sub-instructions for adding the security identifier to the credentials of the process to form an 
object access identifier, wherein the object access identifier is granted based on a path of execution. 

17. (Currently amended) The computer program product of claim 15, wherein the first instructions 
further comprises: 

sub-instructions for adding the security identifier to the credentials of the process to form an 
object access identifier, wherein the object access identifier is granted based on an identity of the process 
and a second process invoked by the process. 
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18. (Currently amended) The computer program product of claim 15, wherein the first instructions 
includes: 

sub-instructions for setting the security identifier [[a]] jn an access control list operation. 

19. (Original) The computer program product of claim 15 further comprising: 

third instructions for changing the security identifier in response to the process invoking a 
selected resource. 

20. (Original) The computer program product of claim 15, wherein the second instructions includes: 
sub-instructions for using the security identifier as an identity in an access control list to identify a 

right to the specific resource. 

21. (Original) The computer program product of claim 15, wherein the security identifier is a right in 
an access control list. 

22. (Currently amended) A data processing system comprising: 
a bus system; 

a memory connected to the bus system, wherein the memory includes a set of instructions; and 
a processing unit connected to the bus system, wherein the processing unit executes the set of 
instructions to grant a proc e ss a security identifier given by an access control list of a specific resource to 
a process in response to matching an entry in the access control list with credentials of the process , 
wherein the security identifier has no meaning outside of being used to make an access decision for the 
[[a]] specific resource; and generate the access decision based on the security identifier responsive to the 
process requesting access to the specific resource. 
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